企业级镜像仓库Harbor

Harbor 部署HTTP

安装docker-compose

[root@k8s-master habor]# mv docker-compose-Linux-x86_64  /usr/bin/docker-compose

[root@k8s-master bin]# chmod +x /usr/bin/docker-compose

安装并配置habor

[root@k8s-master habor]# tar xzvf harbor-offline-installer-v2.0.0.tgz 

[root@k8s-master habor]# cd harbor/
[root@k8s-master harbor]# cp harbor.yml.tmpl harbor.yml
-------------------------------------------------------------------------------------
#修改配置文件
[root@k8s-master harbor]# vi harbor.yml
hostname: 192.168.153.27
harbor_admin_password: Harbor12345
--屏蔽https的配置
---------------------------------------------------------------------------------------
[root@k8s-master harbor]# ./prepare 
[root@k8s-master harbor]# ./install.sh 
-------------------------------------------------------------------------------------
[root@k8s-master harbor]# docker-compose ps
[root@k8s-master harbor]# docker-compose down
[root@k8s-master harbor]# docker-compose up -d

访问网站

http://192.168.153.27/
1638759769124.png

Docker登录

http登录,添加可信任

[root@es3 harbor]#  vi /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "insecure-registries":["192.168.153.27"]
}

重启相关服务

[root@es3 harbor]# systemctl daemon-reload  
[root@es3 harbor]# systemctl restart docker
-------------------------------------------------------------------------------
[root@k8s-master harbor]# docker-compose down
[root@k8s-master harbor]# docker-compose up -d

#如果有harbor,重启docker,就要重启docker-compose

登录验证

[root@es3 harbor]# docker login 192.168.153.27

Login Succeeded

镜像上传与下载

[root@es3 harbor]# docker image ls
REPOSITORY                      TAG            IMAGE ID       CREATED         SIZE
hello                           v1             3ce8dd487dba   16 hours ago    147MB
......

#打标签
[root@es3 harbor]# docker tag hello:v1 192.168.153.27/library/hello:v1


[root@es3 harbor]# docker image ls
REPOSITORY                      TAG            IMAGE ID       CREATED         SIZE
192.168.153.27/library/hello    v1             3ce8dd487dba   16 hours ago    147MB
hello                           v1             3ce8dd487dba   16 hours ago    147MB
......

#上传
[root@es3 harbor]# docker push 192.168.153.27/library/hello:v1

#下载
[root@es3 harbor]# docker pull 192.168.153.27/library/hello:v1
1638760665145.png

Harbor 部署HTTPS

生成证书

[root@es3 ssl]# chmod +x *
[root@es3 ssl]# ls
certs.sh  cfssl.sh

Harbor启用HTTPS

hostname: reg.pcitc.com
https:

  port: 443

  certificate: /root/ssl/reg.pcitc.com.pem
  private_key: /root/ssl/reg.pcitc.com-key.pem

重新配置并部署Harbor

[root@k8s-master harbor]# ./prepare 

[root@k8s-master harbor]# docker-compose down

[root@k8s-master harbor]# docker-compose up -d

访问网站

https://reg.pcitc.com/
1638771569466.png

Docker登录

配置客户端hosts(每个节点都要配置)

[root@es3 harbor]# vi /etc/hosts
192.168.153.27 reg.pcitc.com

配置可信任(每个节点都要配置)

[root@es3 ssl]# vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "insecure-registries":["reg.pcitc.com"]
}

重启生效

[root@es3 harbor]# systemctl daemon-reload  
[root@es3 harbor]# systemctl restart docker
-------------------------------------------------------------------------------
[root@k8s-master harbor]# docker-compose down
[root@k8s-master harbor]# docker-compose up -d

#如果有harbor,重启docker,就要重启docker-compose

登录验证

[root@es3 ssl]# docker login reg.pcitc.com

Login Succeeded

镜像上传与下载

[root@es3 ssl]# docker tag tomcat:v1 reg.pcitc.com/library/tomcat:v1
[root@es3 ssl]# docker push reg.pcitc.com/library/tomcat:v1   
#其他节点
[root@prometheus ~]# docker pull reg.pcitc.com/library/tomcat:v1   

Harbor 主从复制

主备

• 简单,主挂了切到备Harbor
• 同一时间只有一台提供服务
• 适合少量镜像下载
1638778912604.png

双主复制

• 双向配置复制
• 两台同时提供服务
• 前面增加负载均衡器
1638779058549.png

一主多从

• 多个从同步主
• 适合多地区业务、大量镜像下载需求
1638779411313.png

配置可信任(主节点配置)

                                     
[root@es3 ~]#  vi /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "insecure-registries":["reg.pcitc.com","192.168.153.20","192.168.153.25"]
}

[root@es3 ~]# systemctl daemon-reload  
[root@es3 ~]# systemctl restart docker
[root@k8s-~ harbor]# docker-compose down
[root@k8s-~ harbor]# docker-compose up -d

主节点登录从节点

[root@es3 harbor]# docker login 192.168.153.20

Login Succeeded

[root@es3 harbor]# docker login 192.168.153.25

Login Succeeded

仓库管理(主机)

1638781763029.png

1638781827743.png

[图片上传中...(1638782524681.png-af5ed0-1638791875762-0)]


1638781850506.png

复制管理(主机)

1638782013515.png

1638782093429.png

1638782113993.png

推送镜像验证

[root@es3 harbor]# docker tag centos:7 reg.pcitc.com/library/centos:7
[root@es3 harbor]# docker push reg.pcitc.com/library/centos:7
1638782524681.png
1638782542213.png
1638782570224.png

Harbor 运维维护

容器 功能
harbor-core 配置管理中心
harbor-db PG数据库
harbor-jobservice 负责镜像复制
harbor-log 记录操作日志
harbor-portal Web管理页面和API
nginx 前端代理,负责前端页面和镜像上传/下载转发
redis 会话
registryctl 镜像存储
容器数据持久化目录:/data
日志文件目录:/var/log/harbor
数据库做好定期备份

你可能感兴趣的:(企业级镜像仓库Harbor)